CVE-2018-11212

libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

Se ha descubierto un problema en libjpeg 9a y 9d. La función alloc_sarray en jmemmgr.c permite que los atacantes remotos provoquen una denegación de servicio (error de división entre cero) mediante un archivo manipulado.

A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-05-16 CVE Reserved
2018-05-16 CVE Published
2024-07-11 EPSS Updated
2024-08-05 CVE Updated
2024-08-05 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-369: Divide By Zero

CAPEC

References (23)

URL	Tag	Source
http://www.ijg.org	X_refsource_misc
http://www.securityfocus.com/bid/106583	Third Party Advisory
https://github.com/zzyyrr/divide-by-zero-in-libjpeg-9d.git	X_refsource_misc
https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html	Mailing List
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us	X_refsource_confirm
https://www.oracle.com/security-alerts/cpuapr2022.html	X_refsource_misc

URL	Date	SRC
https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a	2024-08-05

URL	Date	SRC
https://security.netapp.com/advisory/ntap-20190118-0001	2022-04-20
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	2022-04-20

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html	2022-04-20
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html	2022-04-20
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html	2022-04-20
https://access.redhat.com/errata/RHSA-2019:0469	2022-04-20
https://access.redhat.com/errata/RHSA-2019:0472	2022-04-20
https://access.redhat.com/errata/RHSA-2019:0473	2022-04-20
https://access.redhat.com/errata/RHSA-2019:0474	2022-04-20
https://access.redhat.com/errata/RHSA-2019:0640	2022-04-20
https://access.redhat.com/errata/RHSA-2019:1238	2022-04-20
https://access.redhat.com/errata/RHSA-2019:2052	2022-04-20
https://usn.ubuntu.com/3706-1	2022-04-20
https://usn.ubuntu.com/3706-2	2022-04-20
https://access.redhat.com/security/cve/CVE-2018-11212	2019-08-06
https://bugzilla.redhat.com/show_bug.cgi?id=1579973	2019-08-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ijg Search vendor "Ijg"		Libjpeg Search vendor "Ijg" for product "Libjpeg"				9a Search vendor "Ijg" for product "Libjpeg" and version "9a"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"		esm		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected
Netapp Search vendor "Netapp"		Oncommand Unified Manager Search vendor "Netapp" for product "Oncommand Unified Manager"				*		-		Affected
Netapp Search vendor "Netapp"		Oncommand Unified Manager Search vendor "Netapp" for product "Oncommand Unified Manager"				>= 7.3 Search vendor "Netapp" for product "Oncommand Unified Manager" and version " >= 7.3"		windows		Affected
Netapp Search vendor "Netapp"		Oncommand Unified Manager Search vendor "Netapp" for product "Oncommand Unified Manager"				>= 9.4 Search vendor "Netapp" for product "Oncommand Unified Manager" and version " >= 9.4"		vmware_vsphere		Affected
Netapp Search vendor "Netapp"		Oncommand Workflow Automation Search vendor "Netapp" for product "Oncommand Workflow Automation"				*		-		Affected
Netapp Search vendor "Netapp"		Snapmanager Search vendor "Netapp" for product "Snapmanager"				*		oracle		Affected
Netapp Search vendor "Netapp"		Snapmanager Search vendor "Netapp" for product "Snapmanager"				*		sap		Affected
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.7.0 Search vendor "Oracle" for product "Jdk" and version "1.7.0"		update201		Affected
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.8.0 Search vendor "Oracle" for product "Jdk" and version "1.8.0"		update192		Affected
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				11.0.1 Search vendor "Oracle" for product "Jdk" and version "11.0.1"		-		Affected
Oracle Search vendor "Oracle"		Jre Search vendor "Oracle" for product "Jre"				8.0 Search vendor "Oracle" for product "Jre" and version "8.0"		update_191		Affected
Redhat Search vendor "Redhat"		Satellite Search vendor "Redhat" for product "Satellite"				5.8 Search vendor "Redhat" for product "Satellite" and version "5.8"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.0 Search vendor "Opensuse" for product "Leap" and version "15.0"		-		Affected